Using #PSR-3 placeholders properly in PHP (and other awesome alliterations).

https://www.garfieldtech.com/blog/psr-3-properly

#PHP

Using PSR-3 placeholders properly | GarfieldTech

@Crell Just curious as a (somewhat) junior programmer:
You state that passing a variable into a logger message is a security risk, but I fail to see it causing many problems, because in the end it will just be sent to a logger endpoint (be it Graylog, a file or just stdout). The comparison to SQL doesn't make too much sense to me, because the problem with SQL is that the query gets executed on the database. For a logger this does/should not apply.
The only argument I see is that for Graylog (or similar tools) it gets sent to a database and thus can cause issues, but here I see the program to fix its SQL queries.
I don't think PSR-3 is wrong or anything, but this argument doesn't make sense to me.

@neintonine Suppose a logged variable contains a JavaScript string, and then shows up in a log viewer GUI.

Or that it does get saved to a db, for later viewing.

In both cases, it's easier to sanitize if the vars are kept separate from the message template.

User supplied data should always be treated as hostile until proven otherwise.

And that's before we get to the translation question.
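
The point about keeping variables separate from the message template, as an added PHP example that is not part of the thread or the linked article. `render()`, the `$forHtml` encoder and the sample username are hypothetical names and constructed data; it assumes PHP 8 and needs no PSR-3 library.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical sink-side renderer (not part of PSR-3 or any library):
 * fills {placeholders} from $context, passing each value through $encode.
 * The template is developer-written; only the values are treated as hostile.
 */
function render(string $template, array $context, callable $encode): string
{
    $replace = [];
    foreach ($context as $key => $value) {
        if (is_scalar($value) || $value instanceof Stringable) {
            $replace['{' . $key . '}'] = $encode((string) $value);
        }
    }
    // strtr() does not rescan replaced text, so a value containing "{other}"
    // cannot pull in another context entry.
    return strtr($template, $replace);
}

// Encoder for an HTML log viewer: the value is displayed, never parsed as markup.
$forHtml = fn(string $v): string =>
    '<code>' . htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</code>';

// Constructed sample input standing in for a user-supplied username.
$user = '<script>alert(1)</script>';

// Interpolated: template and data are merged before any sink sees them.
$merged = "Login failed for $user";

// Placeholder form: template and data travel separately.
$template = 'Login failed for {user}';
$context  = ['user' => $user];

// A viewer that prints the merged string as-is emits live markup.
echo "merged, raw:        ", $merged, "\n";
// With the context kept separate, the viewer escapes exactly the user data.
echo "placeholder, HTML:  ", render($template, $context, $forHtml), "\n";
// Stored for later viewing: one JSON record, template still groupable across users.
echo "placeholder, store: ", json_encode(
    ['message' => $template, 'context' => $context],
    JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE
), "\n";
```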